I would like to restrict access to my site based on the IP address of the client. For example, if an user’s IP address has had past transgressions on my site, I want to effectively block it.
I know how to access the IP address in Meteor Methods (ip = this.connection.clientAddress;), but now I want to know how I can block it from access.
Something like this?
// Server.js
Meteor.onConnection(function (connection) {
// Check if connected client has their IP banned
if (BannedIPs.findOne({IP: connection.clientAddress})) {
// Close/deny connection
connection.close();
}
})
More info: http://docs.meteor.com/#/full/meteor_onconnection
Relevant package: https://github.com/mizzao/meteor-user-status
I know I’m a bit late to a party.
But here are my 2 cents.
Looks like when Dpp is disconnected it immediately tries to connect.
So client will try to connect indefinitely.
Now I’m blocking request on the server side using picker it works!
const pickerFilter = (req, res) => {
const ip = req.connection.remoteAddress || req.headers['x-forwarded-for'];
console.log('ip', ip);
const whiteListIpOnly = Meteor.settings.public.whiteListIpOnly || process.env.WHITELIST_IPS_ONLY;
// Check if connected client has their IP banned
if (whiteListIpOnly){
if (!Ips.findOne({ address: ip})){
return true;
}
} else {
if (Ips.findOne({ address: ip })) {
return true;
}
}
}
Picker.filter(pickerFilter).middleware((req, res) => {
res.writeHead(404);
res.end();
});
Where in the Server code did you put this? Startup?
I’ve just put it in file server/index.js
I haven’t used Meteor.startup
Which is defined in package.json
"meteor": {
"mainModule": {
"client": "startup/client/index.js",
"server": "startup/server/index.js"
}
},